oss-sec mailing list archives
Re: Clear text password in process list when using MySQL GUI tools
From: Josh Bressers <bressers () redhat com>
Date: Thu, 18 Nov 2010 08:39:47 -0500 (EST)
----- "Martin Drescher" <drescher () snafu de> wrote:
If you use some MySQL-GUI-tool in most (any?) linux distribution like mysql-admin or mysql-query-browser and then open 'Tools -> MySQL Text Console' your password, user name and host will become exposed in the process list. I think this issue must exists over a long time in many distributions now but nobody ever cared about. For Debian users: Packages mysql-query-browser, mysql-admin are affected.
While I suspect there are more things with these problems, let's start with
these two:
CVE-2010-4177 mysql-query-browser clear text password in process list
CVE-2010-4178 mysql-admin clear text password in process list
Thanks.
--
JB
Current thread:
- Clear text password in process list when using MySQL GUI tools Martin Drescher (Nov 16)
- Re: Clear text password in process list when using MySQL GUI tools Josh Bressers (Nov 17)
- Re: Clear text password in process list when using MySQL GUI tools Moritz Muehlenhoff (Nov 17)
- Re: Clear text password in process list when using MySQL GUI tools Steven M. Christey (Nov 17)
- Re: Clear text password in process list when using MySQL GUI tools Josh Bressers (Nov 18)
- Re: Clear text password in process list when using MySQL GUI tools Josh Bressers (Nov 17)